On Thu, Aug 05, 2010 at 09:11:08AM -0400, John Marrett wrote:
> Dave,
> 
> > This is currently not possible with HAproxy. It can not alter or check
> > anything inside the HTTP body currently. You can only access 
> > inside the HTTP header section here.
> 
> I don't believe that any load balancer will be able to do this
> (dangerous statement!).
> 
> It would require the load balancer to buffer the entire request and
> search the entire body to determine where it will need to send the
> request. This kind of approach would fall apart under fairly light load
> and/or require exceptionally large quantities of RAM.

While what you say is perfectly true, in fact haproxy can analyse the
beginning of a post under some circumstances (the first part that fits
in a request buffer). It's the "checkpost" option of the "urlparam" LB
algorithm which was developed by the guys at Nokia a few years ago.
Their reasoning was interesting: if the load balancer needs to check
something in a post, then this thing has to be close to the beginning.
And often, a session ID or things like that are put at the beginning
because they're present in any request. Thus it can work for most usages
without requiring infinite storage.

That said, we're still not able to extract contents from a POST request.
This is not something complicated to add now, I'll see if I can add it
for 1.5.

> If there are products that can do this, open source or commercial I
> would be somewhat interested to know about them, I've never needed to do
> anything like it but it's always useful to have more tools in your tool
> box.

I know at least a WAF product that can analyse every parameter of a POST
request. But it has to send the request to disk if it's too large.

> If you can find a tool that does it you'll probably want to deploy it
> behind haproxy with a simpler URL based ACL to send it to it, that way
> you won't be unnecessarily analysing the full body of every POST.

Yes that's a solution too!

Cheers,
Willy
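
The prefix-only lookup described in the message above, as an added sketch that is not part of the original thread and is not HAproxy's code. The server names, function names, CRC32 hash and round-robin fallback are assumptions chosen for illustration; it shows why a parameter near the start of a POST can be used for routing from a fixed-size buffer, and why a value cut off at the buffer edge must be rejected.

```python
import zlib
from itertools import count

SERVERS = ["app1", "app2", "app3"]  # hypothetical backend names
_rr = count()                        # round-robin counter for the fallback path


def find_param(window, name, complete):
    """Return the value of `name` in a urlencoded body prefix, or None.

    `complete` says whether `window` is the whole body. When it is not, a
    value that runs up to the end of the window may be cut off and is
    rejected: a partial session ID would hash to the wrong server.
    Percent-decoding is left out to keep the sketch short.
    """
    pairs = window.split(b"&")
    for i, pair in enumerate(pairs):
        key, sep, value = pair.partition(b"=")
        if key != name or not sep:
            continue
        if i == len(pairs) - 1 and not complete:
            return None  # value touches the window edge, possibly truncated
        return value
    return None


def pick_server(body, name, buf_size):
    """Route on `name` using only the first `buf_size` bytes of the body."""
    window = body[:buf_size]
    value = find_param(window, name, complete=len(body) <= buf_size)
    if value is None:
        # Not visible in the buffer: stickiness is lost for this request.
        return SERVERS[next(_rr) % len(SERVERS)], "fallback"
    return SERVERS[zlib.crc32(value) % len(SERVERS)], "hashed"


if __name__ == "__main__":
    # Constructed sample bodies, not taken from real traffic.
    early = b"sid=abc123&comment=" + b"x" * 500   # ID first: fits the buffer
    late = b"comment=" + b"x" * 500 + b"&sid=abc123"  # ID after a large field
    cut = b"a=1&sid=abc123"                        # ID straddles a 10-byte buffer
    print(pick_server(early, b"sid", 64))
    print(pick_server(late, b"sid", 64))
    print(pick_server(cut, b"sid", 10))
```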